U2F support in OpenSSH HEAD

Damien Miller djm at mindrot.org
Sun Nov 3 21:54:28 AEDT 2019


On Sat, 2 Nov 2019, Jordan J wrote:

> I've had a patch on the bugzilla for a while related to U2F with
> support for a few additional settings such as providing a path to a
> specific key to use instead of the first one found

This would need to be implemented in the middleware library, either
the one in libfido/tools/sk-libfido2.c or another.

> and setting if user
> presence is required when using the key. Is there any objection to
> folding those parts in if appropriate?

That's possible already: at keygen time, the default is to require
user presence for signatures but you can override this by passing the
"-x 0" flag. This is currently undocumented, and I'll hopefully soon
get around to documenting it and making it accept mnemonic strings
instead of raw U2F flags.

At authentication time, I've got a patch almost ready to require
user presence that I hope to commit next week.

-d
